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(57) Encrypted music data and additional informa- 
tion required for access to a server (30) are copied from 
a CD-ROM (200) to a memory card (1 1 0). The memory 
card (110) receives a content decryption key (Kc) re- 
quired for decrypting the encrypted music data, control 
information data (AC1) for restricting times of access to 
the memory card and others distributed from the server 
(30). 
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Description 

Technical Field 

[0001] The present invention relates to a data distri- 
bution system, which supplies content information to ter- 
minals such as cellular phones, and distributes informa- 
tion for allowing reproduction of the content information. 

Background Art 

[0002] By virtue of the progress in the Internet, infor- 
mation communication networks and the like, each of 
users can now easily access network information 
through a personal terminal employing a cellular phone 
or the like. 

[0003] In such information communication, informa- 
tion is transmitted through digital signals. Therefore, 
each user can copy, e.g., music and video information 
transmitted via the aforementioned information commu- 
nication network with out degradation in the audio quality 
and picture quality. When any content data subject to 
copyright protection such as music data and image data 
is to be transmitted on the information communication 
network, copyrights of the copyright owner may be sig- 
nificantly infringed unless some appropriate measures 
to protect the copyrights are taken. 
However, if copyright protection is given top priority so 
that distribution of content data over the disseminating 
digital information communication network is sup- 
pressed, the copyright owner who can essentially collect 
a predetermined copyright royalty for copies of a copy- 
righted work will also incur some disadvantages. 
[0004] Instead of the distribution over the digital infor- 
mation communication network described above, distri- 
bution may be performed via record mediums storing 
digital data in a reproducible manner. In connection with 
the latter case, music data stored in CDs (Compact 
Disks) on the market can be freely copied in principle 
onto magneto-optical disks (e.g., MDs) as long as the 
duplication is only for the personal use. However, a per- 
sonal user performing digital recording or the like indi- 
rectly pays predetermined amounts in prices of the dig- 
ital recording device itself and the medium as guaranty 
moneys to a copyright owner. 

[0005] Further, the user can copy the music data from 
a CD to an MD, but cannot copy it from an MDto another 
MD. 

[0006] In view of the above, sufficient measures must 
be taken for the copyright protection when distributing 
the content data such as music data and image data 
taking the form of digital information to the public. 
[0007] For example, a copyright owner orthe like may 
wish to distribute music data in an appropriate distribu- 
tion manner to an indefinite number of users, e.g., for 
sales promotion of new songs or tunes. However, if re- 
producible music data were simply distributed without 
reservations or restrictions over the digital information 



communication network, the copyright owner would be 
unable to collect charges from users without difficulty. 
[0008] After a user receives the above music data, it 
is necessary to prevent unrestricted production of dupli- 
5 cations in a reproducible form. 

[0009] For another distribution system of music data, 
experiments are being conducted on operation of auto- 
matic dispensers or vending machines of music data to 
be located in railway stations . convenience stores and 
others. In this system, the music data is distributed to 
the automatic dispensers over a digital information com- 
munication network, and users can purchase the music 
content information from the automatic dispenser. 
[0010] For selling the music data in the above auto- 
matic dispensers, the music data is recorded on a wri- 
table record medium such as a MD. Assuming that tens 
of seconds are required for recording one tune or song, 
a user who is purchasing about ten tunes at a time must 
wait several minutes for the purchase. 

Disclosure of the Invention 

[0011] The present invention has been made for over- 
coming the above disadvantages, and it is an object of 
the invention to provide a data distribution system, 
which can supply music content data to users capable 
of datatransmission over an information communication 
network, e.g., of cellular phones while securing copy- 
rights. 

[0012] Another object of the invention is to provide a 
record medium, which allows supply of music content 
data to users capable of data transmission over an in- 
formation communication network, e.g., of cellular 
phones while securing copyrights. 
[001 3] Still another object of the invention is to provide 
a data distribution system, which can prevent unrestrict- 
ed reproduction and unrestricted duplication of distrib- 
uted content data without proper authorization from a 
copyright owner. 

[001 4] For achieving the above objects, the invention 
provides a data distribution system for distributing en- 
crypted content data to each of terminals of a plurality 
of users, including a record medium, a distribution serv- 
er and a content data reproducing device. The record 
medium bears the encrypted content data and plain-text 
additional information data for obtaining decryption in- 
formation data to be used for decryption processing of 
the encrypted content data. The distribution server dis- 
tributes the decryption information data over an infor- 
mation transmission network. The content data repro- 
ducing device receives the encrypted content data and 
the plain-text additional information data from the record 
medium, stores the received data, receives the decryp- 
tion information data from the distribution server speci- 
fied based on the plain-text additional information data 
over the information transmission network, decrypts the 
encrypted content data in accordance with the decryp- 
tion information data, and outputs information corre- 
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sponding to content data obtained by decrypting the en- 
crypted content data. 

[0015] Preferably, the content data reproducing de- 
vice includes a reading device, a memory, a receiving 
device, a decrypting device and a reproducing device. 
The reading device reads the encrypted content data 
and the plain-text additional information data from the 
record medium. The memory receives and stores the 
encrypted content data and the plain-text additional in- 
formation data applied from the reading device. The re- 
ceiving device receives the decryption information data 
from the specified distribution server over the informa- 
tion transmission network. The decrypting device 
changes the encrypted content data into plain text 
based on the decryption information data. The repro- 
ducing device receives the output of the decrypting de- 
vice, and produces information corresponding to the 
content data. 

[001 6] More preferably, the memory is a memory card 
removably attached to the content data reproducing de- 
vice. 

[0017] Preferably, the information transmission net- 
work is a digital cellular phone network, and the content 
data reproducing device includes a cellular phone. The 
cellular phone includes a data I/O terminal, a memory 
card, a decrypting device and a reproducing device. The 
data I/O terminal can externally transmit digital data. 
The memory card is removably attached to the cellular 
phone for receiving and storing the encrypted content 
data and the plain-text additional information data read 
from the record medium and applied via the data I/O ter- 
minal. The decrypting device changes the encrypted 
content data into plain text based on the decryption in- 
formation data received from the specified distribution 
server over the digital cellular phone network. The re- 
producing device receives the output of the reproducing 
device, and reproduces information corresponding to 
the content data. 

[0018] Alternatively and preferably, the information 
transmission network is a digital cellular phone network, 
and the content data reproducing device includes a cel- 
lular phone for receiving the decryption information data 
from the specified distribution server overthe digital cel- 
lular phone network. The cellular phone includes a de- 
crypting device and a reproducing device. The decrypt- 
ing device changes the encrypted content data into plain 
text based on the decryption information data. The re- 
producing device receives the output of the reproducing 
device, and reproduces information corresponding to 
the content data. The content data reproducing device 
further includes a memory card and a memory card drive 
device. The memory card is removably attached to the 
cellular phone for receiving and storing the encrypted 
content data and the plain-text additional information 
data. The memory card drive device transfers the data 
from the record medium to the memory card. 
[0019] Alternatively and preferably, the information 
transmission network is a digital cellular phone network, 



and the content data reproducing device includes a cel- 
lular phone for receiving the decryption information data 
from the specified distribution server over the digital cel- 
lular phone network. The cellular phone includes a de- 

5 crypting device and a reproducing device. The decrypt- 
ing device changes the encrypted content data into plain 
text based on the decryption information data. The re- 
producing device receives the output of the reproducing 
device, and reproduces information corresponding to 

10 the content data. The content data reproducing device 
further includes a memory card and a memory card drive 
device. The memory card is removably attached to the 
cellular phone for receiving and storing the encrypted 
content data and the plain-text additional information 

15 data. The memory card drive device transfers the data 
from the record medium to the memory card. 
[0020] The record medium bears the encrypted con- 
tent data, the plain-text additional information data, 
specifying data for specifying a plurality of predeter- 

20 mined unique keys, and decryption information data en- 
crypted with the unique key corresponding to the spec- 
ifying data into a decodable form. The memory card 
drive device includes a unique key holding portion and 
a unique key decryption processing portion. The unique 

25 key holding portion holds the plurality of unique keys se- 
lectively designated by the specifying data. The unique 
key decryption processing portion decrypts the encrypt- 
ed decryption information data obtained from the record 
medium with the unique key corresponding to the spec- 

30 ifying data obtained from the record medium, and ac- 
cepts the decryption information data. 
The accepted decryption information data is transferred 
to the memory card based on the fact that at least the 
memory card drive device can accept the decryption in- 

35 formation data. 

[0021] According to another aspect of the invention, 
a data distribution system for distributing encrypted con- 
tent data to each of terminals of a plurality of users, in- 
cluding a record medium and a content data reproduc- 

40 ing device. The record medium bears the encrypted 
content data and plain-text additional information data 
for obtaining decryption information data to be used for 
decryption processing of the encrypted content data. 
The content data reproducing device receives the en- 

45 crypted content data and the plain-text additional infor- 
mation data from the record medium, stores the re- 
ceived data, receives the decryption information data 
from the distribution server specified based on the plain- 
text additional information data over the information 

50 transmission network, decrypts the encrypted content 
data in accordance with the decryption information data, 
and outputs information corresponding to content data 
obtained by changing the encrypted content data into 
plain text. 

55 [0022] According to still another aspect of the inven- 
tion, a record medium is used in a data distribution sys- 
tem provided with a distribution server for distributing 
decryption information data used for decryption 
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network; 

Fig. 9 is a flowchart representing reproduction 
processing for decrypting music data in cellular 
phone 100 and externally outputting it as music; 
5 Fig. 1 0 conceptually shows a structure of a data dis- 

tribution system of a second embodiment of the in- 
vention; 

Fig. 11 is a schematic block diagram showing a 
structure of a memory card drive device 500 shown 
10 in Fig. 10; 

Fig. 12 is a first flowchart representing an operation 
of copying encrypted music datafrom CD-ROM 200 
to memory card 110; 

Fig. 1 3 is a second flowchart representing an oper- 
as ation of copying the encrypted music data from 
CD-ROM 200 to memory card 110; 
Fig. 14 represents characteristics of key data, li- 
cense information data and others used for commu- 
nication in a data distribution system in a third em- 
20 bodiment; 

Fig. 15 is a schematic block diagram showing a 
structure of a license server 31 in the third embod- 
iment; 

Fig. 16 is a schematic block diagram showing a 
25 structure of a cellular phone 101 in the third embod- 
iment; 

Fig. 1 7 is a first flowchart representing an operation 
of distributing license information data and others 
to cellular phone 1 01 over acellular phone network; 
30 Fig. 1 8 is a second flowchart representing an oper- 
ation of distributing the license information data and 
others to cellular phone 101 overthe cellular phone 
network; and 

Fig. 19 is a flowchart representing reproduction 
35 processing for decrypting music data in cellular 
phone 101 and externally outputting it as music. 

Best Modes for Carrying Out the Invention 

40 [First Embodiment] 



processing of encrypted content data over an informa- 
tion transmission network for the purpose of distributing 
the encrypted content data to each of terminals of a plu- 
rality of users, each of said terminals including a content 
data reproducing device for receiving the encrypted 
content data and the plain-text additional information 
data for storing the same, receiving the decryption in- 
formation data over the information transmission net- 
work from the distribution server specified based on the 
plain-text additional information data, decrypting the en- 
crypted content data in accordance with the decryption 
information data, and outputting information corre- 
sponding to content data obtained by decrypting the en- 
crypted content data. The record medium includes first 
and second regions. The first region bears at least the 
encrypted content data. The second region bears the 
plain-text additional information data for obtaining the 
decryption information data used for decryption 
processing of the encrypted content data. 
[0023] According to the distribution system of the in- 
vention, music content data can be easily supplied to 
users, who can transmit data over an information com- 
munication network of, e.g.. cellular phones, while se- 
curing copyrights, and each user can start reproduction 
of the music within a short time. By using the record me- 
dium according to the invention, music content data can 
be easily supplied to users, who can transmit data over 
an information communication network of, e.g., cellular 
phones, while securing copyrights, and each user can 
start reproduction of the music within a short time. Fur- 
ther, it is possible to prevent duplication of the distribut- 
ed decryption information data without authorization 
from a copyright owner. 

Brief Description of the Drawings 

[0024] 

Fig. 1 conceptually shows a whole structure of a da- 
ta distribution system according to the invention; 
Fig. 2 represents characteristics of key data, license 
information and others used for communication in 
the data distribution system shown in Fig. 1 ; 
Fig. 3 is a schematic block diagram showing a struc- 
ture of a license server 10 shown in Fig. 1 ; 
Fig. 4 is a schematic block diagram showing a struc- 
ture of a cellular phone 1 00 shown in Fig. 1 ; 
Fig. 5 is a schematic block diagram showing a struc- 
ture of a memory card 110 shown in Fig. 4; 
Fig. 6 is a flowchart showing an operation of copying 
data from CD-ROM 200 in the data distribution sys- 
tem: 

Fig. 7 is a first flowchart showing an operation of 
distributing license information data and others to 
cellular phone 100 over a cellular phone network; 
Fig. 8 is a second flowchart showing the operation 
of distributing the license information data and oth- 
ers to cellular phone 100 over the cellular phone 



[Whole Structure of System] 

[0025] Fig. 1 conceptually shows a whole structure of 
45 a data distribution system according to the invention. 
[0026] The following description is given byway of ex- 
ample on a structure of a data distribution system for 
distributing music data to respective users over a cellu- 
lar phone network. However, as will be apparent from 
50 the following description, the invention is not restricted 
to such a case, and can be applied to the cases for dis- 
tributing another kind of content data protected by cop- 
yright such as image information over another kind of 
information communication network. 
55 [0027] A data reproducing device, which will now be 
described by way of example, is formed of a cellular 
phone provided with a data reproducing function. As will 
be apparentfrom the following description, the invention 
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is not restricted to the cellular phone, andean be applied 
to various data reproducing devices provided that the 
device can be connected to an information communica- 
tion network for obtaining information data required for 
reproducing music data. 

[0028] Referring to Fig. 1, a user 1 using a cellular 
phone 100 has a record medium such as a CD-ROM 
(Compact Disk Read Only Memory) 200, which was dis- 
tributed to the user and has a first memory region bear- 
ing encrypted music data and a second memory region 
for bearing plain text of additional information data such 
as a copyright related to this music data and access con- 
ditions of a server. These conditions will be described 
later. Since the music data on CD-ROM 200 is in the 
encrypted form as described above, cellular phone user 
1 cannot reproduce the music data without decryption. 
[0029] Cellular phone 100 of cellular phone user 1 is 
provided with a connector 1120 for receiving the en- 
crypted music data and the plain-text additional infor- 
mation data recorded on CD-ROM 200 from a personal 
computer (not shown), which can read these data. A 
memory card 110 is removably attached to cellular 
phone 100. Memory card 110 can store the encrypted 
music data and the plain-text additional information da- 
ta, and can perform predetermined processing for de- 
crypting the encrypted music data to allow reproduction 
of music by a music producing portion (not shown) in 
cellular phone 1 00. Cellular phone 1 00 also has a struc- 
ture connectable to headphones 1 20 for listening to re- 
produced music by cellular phone user 1 . 
[0030] A license server 10, which administers infor- 
mation for allowing reproduction of copyrighted music 
data on the user side, encrypts license information data 
for representing a content decryption key, which is used 
for decrypting the encrypted music data, and restrictions 
imposed on music reproduction by the copyright owner 
side, and applies the encrypted license information data 
to a cellular phone company 20, which is a distribution 
carrier for distribution. An authentication server 12 de- 
termines whether a user accessing it for requesting dis- 
tribution of the music data is a regular user having reg- 
ular cellular phone 1 00 and memory card 11 0 or not. 
[0031] Cellular phone company 20 relays over its own 
cellular phone network a distribution request sent from 
each user to license server 10. When the distribution is 
requested, license server 10 encrypts the requested li- 
cense information data and others after confirming by 
authentication server 12 that the user is using the reg- 
ular cellular phone and the regular memory card. Then, 
license server 1 0 distributes the encrypted data and oth- 
ers to the cellular phone of the user over the cellular 
phone network of cellular phone company. 
[0032] Inthefollowing descriptions, license server 1 0, 
authentication server 1 2 and cellularphone company 20 
are collectively referred to as a "distribution server 30" 
hereinafter. 

[0033] Processing of sending the license information 
data and others from such distribution server 30 to each 



cellular phone terminal or the like will be referred to as 
"distribution" hereinafter. 

[0034] Owing to the above structure, only the regular 
cellular phone (content data reproducing device) and 
5 memory card, which can protect the copyright in this da- 
ta distribution system, can receive the license informa- 
tion data from distribution server 30, and can reproduce 
the distributed music data. 

[0035] Further, distribution carrier 20 may be config- 
10 ured to take count of operations, each of which is per- 
formed for distributing license information data of, for 
example, one song, and cellular phone company 20 
may collect the charges fortelephone calls ofthecellular 
phone together with the charges of the decryption infor- 
ms mation data including the copyright royalty fee. Thereby, 
the copyright owner can easily ensure the royalty fee. 
[0036] According to the structure shown in Fig. 1 , the 
followings are required in the system for allowing repro- 
duction of the music data (content data), which is dis- 
20 tributed in the encrypted form, on the user side. First, a 
manner of encrypting the music content data is required, 
Second, a manner of distributing an encryption key in 
music reproduction is required, Third, a structure for 
achieving data protection by preventing unrestricted re- 
25 production and others of the distributed data is required. 

[Structures of Encryption/Decryption Keys] 

[0037] Fig. 2 represents characteristics of keys, li- 

30 cense information data and others used for communi- 
cation in the data distribution system shown in Fig. 1 . In 
the following description, keys bearing reference char- 
acters, which start from "KP", are public keys. 
[0038] In the structure shown in Fig. 1, the data re- 

35 corded on CD-ROM 200 includes music data Data and 
additional information data Data-inf such as information 
relating to the copyright of the music data and informa- 
tion relating to access to the server. 
[0039] Music data Data recorded on CD-ROM 200 

40 takes the form of encrypted music data {Data}Kc pre- 
pared by encryption into a form, which allows decryption 
with a content decryption key Kc as will be described 
later. However, additional information data Data-inf is re- 
corded in plain text. The expression "{Y}X" represents 

45 that data bearing this expression was prepared by con- 
verting data Y into an encrypted form decodable with a 
decryption key X. 

[0040] Additional information data Data-inf contains a 
content ID, which is a code for identifying music data 

50 Data. Content ID is determined based on a name of a 
player of music data Data, a song title and others. 
[0041] The keys and others held and/or generated in 
distribution server 30 include content decryption key Kc, 
which is a decryption key for reproducing the music da- 

55 ta, a first control information data AC1 for instructing, e. 
g., restrictions on the times of reproduction when con- 
tent decryption key Kc or the like stored in memory card 
1 1 0 is accessed, a second control information data AC2 
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for designating the reproduction conditions on the data 
reproducing device such as cellular phone 1 00, a public 
authentication key KPma, which is commonly usable in 
the system, a unique symmetric key Ks1 updated upon 
every distribution of the license information data or the 
like from distribution server 30, and license ID of an ad- 
ministration code for specifying the distribution of li- 
cense. 

[0042] The reproduction conditions designated by 
second control information data AC2 restrict the repro- 
duction by the data reproducing device, and allow re- 
production, e.g., of only a part of music data, only sev- 
eral phrases from the start or only for a limited period. 
[0043] The license ID is a code, for example, forspec- 
ifying a receiver of distributed content decryption key Kc 
and others for certain music data Data as well as the 
time of such distribution. 

[0044] The license information data (decryption infor- 
mation data) collectively represents the license ID, con- 
tent decryption key Kc, and first and second control in- 
formation data AC1 and AC2. 

[0045] Such a structure may be employed that sym- 
metric key Ks1 is generated, e.g., upon every access to 
distribution server 30 by a user, and the same symmetric 
key Ks1 can be used regardless of the number of songs 
or tunes provided that the access has been made only 
one time. For example, such a structure may be em- 
ployed that symmetric key Ks1 is changed for every 
song, and is sent to the user whenever such a change 
is made. 

[0046] In the following description, the unit of such 
communication or access is referred to as "session", 
and the symmetric key to be updated for every session 
is referred to as a "session key". 
[0047] Referring to Fig. 2 again , keys and others used 
for administering the data processing in cellular phone 
100 includes a decryption key Kp unique to a type of 
cellular phone 1 00, a public encryption key KPp for per- 
forming encryption into a form decodable with decryp- 
tion key Kp, and a session key Ks4 generated in cellular 
phone 1 00 for every session. 

[0048] Public encryption key KPp is held by cellular 
phone 1 00 as signed data {KPpJKPma prepared by be- 
ing encrypted together with additional data, which can 
be authenticated by decrypting it with public authentica- 
tion key KPma. For transmission of content decryption 
key Kc and second control information data AC2 be- 
tween distribution server 30 and cellular phone 1 00, the 
system uses decryption key Kcom commonly usable in 
all cellular phones 100 (data reproducing devices). 
[0049] Referring to Fig. 2 again, the keys for admin- 
istrating the data processing in memory card 110 include 
a private decryption key Km(i) (i: natural number) unique 
to each memory card, a public encryption key KPm(i) 
for performing encryption into a form decodable with pri- 
vate decryption key Km(i), a private decryption key Kmc, 
which uniquely depends on the kind of the medium (i.e., 
memory cards) and is differentfrom those for other kinds 



of memory cards, a public encryption key KPmc for per- 
forming encryption allowing decryption with private de- 
cryption key Kmc, a session key Ks2 generated in mem- 
ory card 110 for every distribution session, and a ses- 
5 sion key Ks3 generated in memory card 110 for every 
reproduction session. 

[0050] The natural number i used in the expressions 
of "Km(i) M and "KPm(1)" indicating the keys is the 
number for distinguishing each memory card from the 
10 others. Further, public encryption key KPmc is held in 
memory card 1 1 0 as signed data {KPmcJKPma encrypt- 
ed into the form decodable with public authentication 
key KPma having an authentication function. 

f5 [Structure of License Server 1 0] 

[0051] Fig. 3 is a schematic block diagram showing a 
structure of license server 10 shown in Fig. 1 . License 
server 10 includes a distribution information database 
20 302 which holds keys for decrypting encrypted music 
data as well as distribution information such as addition- 
al information data, an accounting database 304 for 
holding accounting information depending on the times 
of distributions of the license information data for each 
25 user, a data processing portion 31 0, which receives data 
from distribution information database 302 and account- 
ing database 304 via a data bus BS 1 , and performs pre- 
determined encryption processing, and a communica- 
tion device 350 for performing data transmission be- 
so tween distribution carrier20 and data processing portion 
310 over a communication network. 
[0052] Data processing portion 310 includes a distri- 
bution control portion 312 for controlling an operation of 
data processing portion 31 0 in accordance with data on 
35 data bus BS1 , a key holding portion 314 for holding de- 
cryption key Kcom commonly usable in the data repro- 
ducing devices, an encryption processing portion 316, 
which is controlled by distribution control portion 312 to 
encrypt content decryption key Kc and control informa- 
nt? tion data AC2 for the data reproducing device with key 
Kcom, a decrypting portion 318 for receiving encrypted 
data {KPmcJKPma, which is sent, e.g., from memory cell 
data 11 0 of each user, from communication device 350 
via a data bus BS2, and decrypting it to extract public 
45 encryption key KPmc, a session key generating portion 
320 for generating session key Ks1, an encryption 
processing portion 322 for encrypting session key Ks1 
produced by session key generating portion 320 with 
public encryption key KPmc extracted by decrypting 
50 portion 318, and applying it onto data bus BS2, a de- 
cryption processing portion 324 for receiving and en- 
crypting the data, which is encrypted with session key 
Ks1 by the cellular phone of each user and is sent there- 
from, via communication device 350 and data bus BS2, 
55 an encryption processing portion 326 forfurther encrypt- 
ing the data sentf rom encryption processing portion 31 6 
with public encryption key KPm(n), which is extracted 
by decryption processing portion 324, under control of 
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distribution control portion 312, and an encryption 
processing portion 328 for further encrypting the output 
of encryption processing portion 326 with session key 
Ks2, which is extracted by decryption processing portion 
324 based on the data sent from the memory card of 
each user after being encrypted with session key Ks1 
in the memory card, and applying the data thus encrypt- 
ed to communication device 350 via data bus BS2. 

[Structure of Cellular Phone (Data Reproducing 
Device)] 

[0053] Cellular phone 100 has an antenna 1102 for 
receiving radio signals sent over the cellular phone net- 
work, a send/receive portion 1 1 04 for converting the sig- 
nals received from antenna 1 1 02 into baseband signals, 
and for sending data sentfrom cellular phone 1 00 to an- 
tenna 1102, a data bus DB3 for data transmission be- 
tween various portions in cellularphone 1 00, a controller 
1 1 06 for controlling operations of cellular phone 1 00 via 
data bus BS3, a touch key unit 1108 for externally ap- 
plying instructions to cellular phone 100, a display 1110 
for giving information sent from controller 1106 or the 
like to the user as visible information, a voice reproduc- 
ing portion 1112 for operating in an ordinary conversa- 
tion operation to reproduce a voice from the received 
data sent via data bus BS3, a connector 1 1 20 for exter- 
nal data transmission . and an external interface portion 
1122, which can convert the data sent from connector 
1120 into signals to be applied onto data bus BS3, and 
can convert the data applied from data bus BS3 into sig- 
nals to be applied to connector 1120. 
[0054] Cellular phone 1 00 further includes removable 
memory card 1 1 0 for storing content decryption key Kc 
and others sent from distribution server 30, a memory 
interface 1200 for controlling transmission of data be- 
tween memory card 1 1 0 and data bus BS3 : a key hold- 
ing portion 1204 for holding public encryption key KPp 
unique to the data reproducing device, i.e., cellular 
phone 1 00 as signed data {KPpJKPma encrypted into a 
form, which allows authentication by decrypting it with 
public authentication key KPma, a key holding portion 
1210 for holding decryption key Kp, which allows de- 
cryption of the data encrypted with key KPp, a decryp- 
tion processing portion 1212 for decrypting session key 
Ks3, which is applied from memory card 110 via data 
bus BS3 and is encrypted with key KP p , with decryption 
key Kp, a session key generating portion 1502 for gen- 
erating session key Ks4, e.g., based on a random 
number for encrypting the data to be transmitted via data 
bus DB3 when transmitting the data between memory 
card 1 1 0 and another portion in cellular phone 1 00, an 
encryption processing portion 1504 for encrypting ses- 
sion key Ks4 generated by session key generating por- 
tion 1502 with session key Ks3 extracted by decryption 
processing portion 1212, and applying the encrypted 
key onto data bus BS3, a decryption processing portion 
1 506 for decrypting the data on data bus BS3 with ses- 



sion key Ks4for outputting it, a key holding portion 1510 
for holding decryption key Kcom, a decryption process- 
ing portion 1 520 which receives the output of decryption 
processing portion 1506 and decrypts it with key Kcom 
5 to extract content decryption key Kc and second control 
information data AC2, a decryption processing portion 
1 530 which receives the output of decryption processing 
portion 1520 and decrypts encrypted music data {Data} 
Kc read from the memory card, a music reproducing por- 
tion 1 540 for receiving the output of decryption process- 
ing portion 1 530 and reproducing music, a selector por- 
tion 1 542 which receives the outputs of music reproduc- 
ing portion 1540 and music reproducing portion 1112, 
and selectively outputs them depending on whether the 
current mode is a conversation mode or a music repro- 
duction mode, and a connection terminal 1550 for re- 
ceiving the output of selector portion 1542 and allowing 
connection of head phones 130. 
[0055] Fig. 4 shows only blocks relating to the distri- 
bution of music data according to the invention for the 
sake of simplicity, and does not show some of blocks 
related to an original conversation function of the cellular 
phone. 



[0056] Fig. 5 is a schematic block diagram showing a 
structure of memory card 110 shown in Fig. 4. 
[0057] In the following description, it is assumed that 
30 the number i for identifying memory card 1 1 0 is equal to 
one. 

[0058] Memory card 1 1 0 includes a data bus BS4 for 
transmitting signals to and from interface 1 200 via a ter- 
minal 1202, a KPmc holding portion 1302 for holding a 

35 value of data {KPmcJKPma, which is prepared by en- 
crypting public encryption key KPmc with key KPma 
commonly usable in the system, and outputting data 
{KPmcjKPma onto data bus BS4, a Kmc holding portion 
1304 for holding private decryption key Kmc corre- 

40 sponding to memory card 1 1 0, a decryption processing 
portion 1306 for extracting session key Ks1 from distri- 
bution server 30 by decrypting the data, which is applied 
onto data bus BS4 from memory interface 1 200 via ter- 
minal 1202, with private decryption key Kmc, a KPm(1) 

45 holding portion 1310 for holding public encryption key 
KPm(1 ), a session key generating portion 1 31 2 for gen- 
erating a session key different from preceding and fol- 
lowing session keys based on a random number, a se- 
lect switch 1 31 4 for receiving and selectively outputting 

50 the output of session key generating portion 1312 and 
the output of KPm(1) holding portion 1310, a select 
switch 1330 for receiving and selectively outputting the 
output of select switch 1314 and the data on a data bus 
BS5, and encryption processing portion 1340 for en- 

55 crypting the output of select switch 1330 based on the 
session key, which is selected by select switch 1320 
from session key Ks1 applied from distribution server 
30 and session key Ks4 applied from cellular phone 1 00 , 
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and applying the encrypted output onto data bus BS4. 
[0059] Memory card 110 further includes a KPma 
holding portion 1350 for holding public authentication 
key KPma, which is commonly usable in the system, a 
decryption processing portion 1352 for decrypting the 
data applied via data bus BS4 based on the output of 
KPma holding portion 1350, and extracting public en- 
cryption key KPp sent from cellular phone 100, an en- 
cryption processing portion 1 354 for encrypting the out- 
put of session key generating portion 1352 based on 
public encryption key KPp, which is extracted by decryp- 
tion processing portion 1352, and applying it onto data 
bus BS4, a decryption processing portion 1356 for de- 
crypting the data on data bus BS4 with session key Ks2 
or Ks3 sent from session key generating portion1312, 
and applying it onto data bus BS5, and a memory 1410 
for receiving content decryption key Kc and data such 
as additional information, which are encrypted double 
with key Kcom and public encryption key KPm(1) unique 
to each memory card, from data bus BS5 and storing 
them, and for receiving encrypted music data {DataJKc, 
which is encrypted with content decryption key Kc, from 
data bus BS4, and storing it. 

[0060] Select switch 1320 has contacts Pa and Pb, 
and receives session keys Ks1 and Ks4, which are out- 
putfrom decryption processing portions 1306 and 1356, 
on contacts Pa and Pb. respectively. Select switch 1 320 
selectively applies the signals received on contacts Pa 
and Pb to encryption processing portion 1340 depend- 
ing on whetherthe operation is in the "distribution mode" 
or "reproduction mode". 

[0061] Select switch 1330 has contacts Pc and Pd. 
The contact Pc receives from select switch 1 31 4 the out- 
put of session key generating portion 1 31 2 or the output 
of KPm(1) holding portion 1310. The contact Pd re- 
ceives data {Kc//AC2}Kcom, which is prepared by en- 
crypting content decryption key Kc and second control 
information data AC2 with key Kcom, from data bus 
BS5. Select switch 1330 selectively applies the signals 
received on contacts Pc and Pd to encryption process- 
ing portion 1340 depending on the current operation 
mode, i.e., "distribution mode" or "reproduction mode". 
[0062] Memory card 110 further includes a Km(1) 
holding portion 1414 for holding a value of private de- 
cryption key Km(1), a decryption processing portion 
141 6 for decrypting at least content decryption key Kc, 
first and second control information data AC1 and AC2 
and others, which are encrypted with public encryption 
key KPm(1 ), with private decryption key Km(1 ), and ap- 
plying them onto data bus BS5, a decryption processing 
portion 1418 for operating in the distribution operation, 
which is performed for purchasing a license, to encrypt 
data {Kc//AC2}Kcom , which is output onto data bus BS5 
from decryption processing portion 1416, with key KPm 
(1) and apply it to memory 1410. a controller 1420 for 
externally transmitting data via data bus BS4, receiving 
the license ID, content ID, first control information data 
AC1 and others from data bus BS5, and controlling the 



operation of memory card 110, and a license information 
holding portion 1500 for transmitting data via data bus 
BS5, and storing the license ID, content ID, first control 
information data AC1 and others. 
5 [0063] The expression "{Y//ZJX" represents that data 
bearing this expression was prepared by converting da- 
ta Y and Z into an encrypted form decodable with key 
data X. 

[0064] License information holding portion 1500 in- 
fo eludes a plurality of registers each corresponding to, e. 
g. , music data stored in memory 1410, although not re- 
stricted to this. 

[0065] A region surrounded by solid line in Fig. 5 is 
arranged within a module TRM, which is configured to 
15 erase internal data or destroy internal circuits for disa- 
bling reading of data and others in the circuits within this 
region by a third party when an illegal or improper ac- 
cess to the inside of memory card 110 is externally at- 
tempted. 

20 [0066] This module is generally referred to as a 
tamper resistance module. 

[0067] Naturally, memory 1 41 0 may be located within 
module TRM. According to the structure shown in Fig. 
5, however, the data held in memory 1 41 0 is entirely en- 
25 crypted so that the music cannot be reproduced only 
from such data. Therefore, it is not necessary to located 
memory 1410 within the expensive tamper resistance 
module so that a manufacturing cost can be low. 



[0068] Fig. 6 is a flowchart representing an operation 
of copying data from CD-ROM 200 in the data distribu- 
tion system already described with reference to Figs. 1 
and 3 - 5. 

[0069] In Fig. 6, CD-ROM 200 is already loaded into 
a CD-ROM drive of a personal computer, which is con- 
nected to cellular phone 1 00 via connector 1 1 20. 
[0070] A user enters a duplication request through a 
keyboard of the personal computer (step S102). 
[0071 ] The personal computer obtains encrypted mu- 
sic data {DataJKc and additional information data Data- 
inf from CD-ROM 200, and sends them to cellular phone 
100 via connector 1120 (step S104). 
[0072] When cellular phone 100 receives encrypted 
music data {DataJKc and additional information data Da- 
ta-inf (step S1 06). these data are stored in memory 1410 
of memory card 1 1 0 (step S1 08). 
[0073] When storage of data in memory card 110 is 
completed, cellular phone 1 00 sends the completion of 
data acceptance to the personal computer (step S1 1 0). 
[0074] When the personal computer receives "data 
acceptance" from cellular phone 100 (step S112), it 
ends the processing (step S114). 

[Purchasing (Distribution) of License] 

[0075] Figs. 7 and 8 are first and second flowcharts 
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representing an operation of distributing the license in- 
formation data and others, which are used for reproduc- 
ing the encrypted music data, to cellular phone 1 00 over 
cellularphone network20 in the data distribution system 
already described with reference to Figs. 1 and 3 - 5. 
[0076] Figs. 7 and 8 represent an operation, in which 
cellular phone 100 is used, and memory card 110 re- 
ceives the license information data distributed from li- 
cense server 10. 

[0077] When the distribution processing starts (step 
S200), a user applies the license distribution request to 
cellular phone 1 00 via keys or buttons on touch key unit 
1108 (step S202). 

[0078] In response to this distribution request, mem- 
ory card 110 outputs additional information data Data- 
inf corresponding to the encrypted music data already 
read from CD-ROM 200 (step S204). 
[0079] In cellular phone 1 00, the content ID for desig- 
nating the content to be distributed and a telephone 
number of license server 1 0 are obtained from additional 
information data Data-inf (step S206), and the number 
of license server 1 0 is dialed (step S208). 
[0080] Memory card 110 sends signed data {KPmc} 
KPma, which is encrypted to allow authentication by de- 
crypting it, from KPmc holding portion 1302 to cellular 
phone 100 (step S210). 

[0081] Cellularphone 100 sends to distribution server 
30 the content ID and signed data {KPmc}KPma ob- 
tained from memory card 110, signed data {KPp}KPma 
held in key holding portion 1204 and information AC in- 
dicating the request for the license applied from the user 
side (step S212). 

[0082] Above information AC includes information of 
a request relating to a form or type of license purchase, 
and more specifically includes, for example, a request 
for allowing predetermined times of reproduction oper- 
ations, or a request for allowing unrestricted reproduc- 
tion. 

[0083] When license server 10 receives content ID, 
signed data {KPmcJKPma and {KPp}KPma, and infor- 
mation AC from cellularphone 100 (step S214), decryp- 
tion processing portion 318 decrypts signed data {KP- 
mcJKPma and {KPp}KPma thus received based on pub- 
lic authentication key KPma to accept public encryption 
keys KPmc and KPp (step S21 8). 
[0084] License server 1 0 sends an inquiry to authen- 
tication server 12 based on keys KPmc and KPp thus 
obtained (step S218), and the processing moves to a 
next step if the access is made by the regular cellular 
phone and the regular memory card (step S220). If the 
regular cellular phone and the regular memory card are 
not used, the processing ends (step S256). 
[0085] When it is determined, as a result of the inquiry, 
that the access is made by the regular cellular phone 
and memory card, license server 10 operates to pro- 
duce session key Ks1 by session key generating portion 
320. Further, encryption processing portion 322 in li- 
cense server 1 0 encrypts session key Ks1 with received 



public encryption key KPmc to produce data {Ks1}Kmc 
and communication device 350 sends encrypted data 
{Ks1}Kmc received from encryption processing portion 
322 to cellular phone 1 00 over the communication net- 

5 work (step S220). 

[0086] When cellular phone 100 receives data {Ks1} 
Kmc (step S222), decryption processing portion 1306 in 
memory card 110 decrypts the data, which is sent onto 
data bus BS3 via memory interface 1200, with private 

10 decryption key Kmc, and thereby extracts decrypted 
session key Ks1 (step S224). 

[0087] In the subsequent distributing operation, select 
switch 1320 is in the position closing contact Pa, and 
encryption processing portion 1340 receives session 

15 key Ks1 from decryption processing portion 1306 via 
contact Pa. Further, session key generating portion 
1312 generates session key Ks2. Encryption process- 
ing portion 1340 receives session key Ks2 and public 
encryption key KPm(1) sent from KPm(1) holding por- 

20 tion 1310 via select switches 1314 and 1330, respec- 
tively, and encrypts them with session key Ks1 to pro- 
duce data {Ks2//KPm(1)}Ks1 (step S226). 
[0088] Cellular phone 1 00 sends data {Ks2//KPm(1 )] 
Ks1 encrypted by encryption processing portion 1340 to 

25 distribution server 30 (step S228). 

[0089] In license server 10, data{Ks2//KPm(1)}Ks1 is 
received by communication device 350, and is sent onto 
data bus BS2. Decryption processing portion 324 de- 
crypts this data {Ks2//KPm(1)}Ks1 with session key Ks1 

30 so that session key Ks2 and public encryption key KPm 
(1 ) are extracted in the decrypted forms (step S230). 
[0090] In accordance with the content ID and informa- 
tion AC, distribution control portion 312 then produces 
the license ID and first and second control information 

35 data AC1 and AC2 based on the data held in distribution 
information database 302 and others (step S232). 
[0091] Further, license server 1 0 obtains content de- 
cryption key Kc from distribution information database 
302 (step S234). 

40 [0092] In license server 10, encryption processing 
portion 31 6 encrypts content decryption key Kc and sec- 
ond control information data AC2 with key Kcom to pro- 
duce data {Kc//AC2}Kcom (step S236). In distribution 
server 30, encryption processing portion 326 encrypts 

45 data {Kc//AC2}Kcom, license ID, content ID and first 
control information data AC1 with key KPm(1) to pro- 
duce {{Kc//AC2}Kcom//license ID//content ID//AC1}Km 
(1) (step S238). 

[0093] Further, encryption processing portion 328 en- 
50 crypts data {{Kc//AC2}Kcom//license ID//content ID// 
AC1 }Km(1 ) with session key Ks2 to produce data {{{Kc// 
AC2}Kcom//license ID//content ID//AC1}Km(1)}Ks2 ! 
and sends it to cellular phone 100 via communication 
device 350 (step S240). 
55 [0094] When cellular phone 1 00 receives data {{{Kc// 
AC2}Kcom//license ID//content ID//AC1}Km(1)}Ks2 
(step S242), memory card 110 first operates to decrypt 
received data{{{Kc//AC2}Kcom//license ID//content ID// 
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AC1}Km(1)}Ks2 by decryption processing portion 1356 
so that data {{Kc//AC2}Kcom//license ID//content ID// 
AC1}Km(1) is accepted (step S244). 
[0095] Then, in memory card 110, decryption 
processing portion 1416 decrypts data {{Kc//AC2} 
KconrV/license ID//content ID//AC1}Km(1) with private 
decryption key Km(1 ) to accept data {Kc//AC2}Kcom, li- 
cense ID, content ID and first control information data 
AC1 (step S246). 

[0096] License ID, content ID and first control infor- 
mation data AC1 are stored in license information hold- 
ing portion 1500, and data {Kc//AC2}Kcom is encrypted 
again with public encryption key KPm(1) by encryption 
processing portion 1414 to produce data {{Kc//AC2} 
Kcom}Km(1), which is stored in memory 1410 (step 
S248). 

[0097] When an operation of storing data {{Kc//AC2} 
Kcom}Km(1 ) in memory 1 41 0 ends, cellular phone 1 00 
sends "distribution acceptance" to distribution server 30 
(step S250). 

[0098] When license server 1 0 receives the "distribu- 
tion acceptance" (step S252), distribution server 30 per- 
forms distribution ending processing (step S254), e.g., 
by storing the accounting data of the owner of cellular 
phone 100 in accounting database 304, and the distri- 
bution processing ends (step S256). 
[0099] Through the above operations, the license in- 
formation data can be transmitted between memory 
card 110 and license server 10 after being encrypted 
with the session keys generated by memory card 110 
and license server 10, and memory card 1 1 0 enters the 
state, in which the music data can be reproduced. 
[0100] In the foregoing description, the server per- 
forms the authentication processing with signed data 
{KPpJKPma sent from key holding portion 1204 of cel- 
lular phone 1 00 in steps S21 2 - S21 8. In another system, 
however, the terminal for receiving the distributed data 
may be different from the device for data reproduction. 
In this case, the authentication processing with signed 
data {KPp}KPma may be eliminated while leaving the 
authentication processing with signed data {KPmc}KP- 
ma on the memory card side. 

[Reproducing Operation} 

[0101] Fig. 9 is a flowchart representing the reproduc- 
tion processing performed in cellular phone 1 00 for de- 
crypting encrypted music data {Data}Kc held in memory 
card 1 1 0 to produce the decrypted music data, and ex- 
ternally reproducing music therefrom. 
[0102] Referring to Fig. 9, when the reproduction 
processing starts (step S300), the reproduction request 
is applied in response to the instruction of user 1 , which 
is entered via touch key unit 11 08 or the like of cellular 
phone 1 00 (step S302). Thereby, cellular phone 1 00 op- 
erates to output signed data {KPp}KPma from key hold- 
ing portion 1 204 to memory card 1 1 0 (step S304). 
[0103] In memory card 110, decryption processing 



portion 1352 decrypts data {KPpJKPma to accept key 
KPp (step S306). 

[0104] Further, based on the results of decryption in 
step S306, it is determined whether key KPp is applied 

5 from a regular cellular phone or not (step S308). Thus, 
signed data (KPp)KPma has a certification function of 
determining whether key KPp is a regular key or not, 
based on results of additional data generated by decryp- 
tion with public authentication key KPma. When it is de- 

10 termined that the authentication is impossible, the 
processing ends (step S336). 

[0105] When the key can be authenticated, session 
key generating portion 1312 of memory card 110 gen- 
erates session key Ks3, and encryption processing por- 

15 tion 1354 encrypts session key Ks3 with extracted public 
encryption key KPp to produce data {Ks3}KPp, and out- 
puts it to cellular phone 100 (step S310). 
[0106] When it is determined that the key can be au- 
thenticated, and memory card 1 1 0 sends data {Ks3}Kp ; 

20 cellular phone 1 00 decrypts data {Ks3}Kp received from 
memory card 110 by decryption processing portion 
1212, and accepts session key Ks3 (step S312). 
[0107] Session key generating portion 1502 in cellular 
phone 100 produces session key Ks4, and encryption 

25 processing portion 1504 encrypts session key Ks4 with 
session key Ks3 to produce data {Ks4}Ks3, and outputs 
it to memory card 11 0 via data bus BS3 (step S31 4). 
[01 08] Memory card 1 1 0 receives data {Ks4}Ks3 pro- 
duced and encrypted by cellular phone 1 00 via data bus 

30 BS3, and decryption processing portion 1356 decrypts 
it with session key Ks3 to extract session key Ks4 (step 
S316). 

[0109] In memory card 110, controller 1420 deter- 
mines whether the request is issued forthe reproducible 

35 data or not, based on first control information data AC1 
held by license information holding portion 1500, and 
also determines whether the allowed times of reproduc- 
tion are restricted or not, if the data is reproducible (step 
S308). If the requested data is reproducible and the re- 

40 production is allowed only restricted times, contents of 
first control information data AC1 in license information 
holding portion 1500 are updated to decrement the al- 
lowed times of reproduction by one (step S319). If it is 
determined that the data can be reproduced and the 

45 times of reproduction are not restricted, the processing 
moves to a step S320. When it is determined that the 
data cannot be reproduced, the processing ends (step 
S336). 

[0110] In memory card 110, encrypted data {{Kc// 
50 AC2}Kcom}Km(1 ) corresponding to the requested song 
is read out from memory 141 0, and is decrypted by de- 
cryption processing portion 1 41 6 so that data {Kc//AC2} 
Kcom is obtained (step S320). 

[0111] Further, encryption processing portion 1340 
55 encrypts data {Kc//AC2}Kcom applied from data bus 
BS5 via select switch 1 330 with session key Ks4 applied 
from decryption processing portion 1356 via select 
switch 1320, and outputs itto cellular phone 1 00 via data 
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buses BS4 and BS3 (step S322). 
[0112] Decryption processing portion 1506 in cellular 
phone 1 00 performs decryption with session key Ks4 to 
obtain data {Kc//AC2}Kcom (step S324). As a result of 
the decryption processing by decryption processing por- 5 
tion 1520, content decryption key Kcand second control 
information data AC2 are extracted (step S326). 
[0113] Controller 1106 in cellular phone 100 deter- 
mines contents of second control information data AC2 
(step S328), and ends the processing when the data is 10 
not reproducible (step S336). 

[01 1 4] When the data is reproducible, controller 1 1 06 
in cellular phone 1 00 controls memory card 1 1 0 so that 
encrypted content data (Data)Kc corresponding to the 
requested song stored in memory card 1 41 0 of memory 15 
card 11 0 is read and output (step S330). 
[0115] Music reproducing portion 1540 in cellular 
phone 100 decrypts encrypted content data {DataJKc 
with extracted content decryption key Kcto produce the 
music data in plain text (step S332), and reproduces the 20 
content data to apply it to a selector portion 1 542 (step 
S334). Selector portion 1542 externally outputs the re- 
produced music, and the processing ends (step S336). 
[0116] The processing in steps S304 - S312 is not 
necessarily required for every reproducing operation, 25 
and may be performed when the memory card is insert- 
ed or the power is turned on. 

[0117] Owing to the above structure, music content 
information can be easily supplied to the user who can 
transmit the data over the information communication 30 
network such as a cellular phone network, while secur- 
ingthecopyright, and the usercan start the reproduction 
of music in a short time. 

[0118] Further, it is possible to prevent unconditional 
reproduction and duplication of the distributed license 35 
(decryption) information data without authorization by 
the copyright owner. 

[0119] In the foregoing description, it has been de- 
scribed that key Kcom is a symmetric key. However the 
processing corresponding to the encryption processing 40 
with this key Kcom may be changed into processing us- 
ing a public key. In this case, the encryption key is 
formed of a public key, and public key KPcom is used 
on the side of license server 1 0. Also, private decryption 
key Kcom is used on the side of reproducing circuit, i. 45 
e., cellular phone 100. 

[0120] According to the description of the first embod- 
iment, content decryption key Kc and second control in- 
formation data AC2 in the license information data (li- 
cense ID, content decryption key Kc, and first and sec- 50 
ond control information data AC1 and AC2) are record- 
ed in memory 1 41 0 after being encrypted. However the 
invention is not restricted to the above, and such a struc- 
ture may be employed that all the license information 
data are stored in license information holding portion 55 
1500 without re-encryption in the memory card. This 
structure can reduce an overhead time before start of 
the reproduction, and can simplify software for control- 



ling the controller in the memory card. 
[0121] In the structure of the first embodiment, there- 
fore, if license information storing portion 1500 stores 
all the license information data, encryption processing 
portion 1418 is not required in the structure of memory 
card 1 1 0 shown in Fig. 5. Further, the processing in step 
S248 shown in Fig. 8 is changed into processing, which 
is performed to "store data {Kc//AC2}Kcom, license ID. 
content ID and first control information data AC1 in li- 
cense information holding portion 1500". Further, the 
processing in step S320 shown in Fig. 9 is changed into 
processing, which is performed to "obtain {Kc//AC2} 
Kcom of the requested song stored in license informa- 
tion holding portion 1500". 

[0122] If an internal mechanism of the memory card 
is formed of one-chip LSI or the like, memory 1410 itself 
is formed within module TRM. In this case, a portion of 
memory 1 41 0 may be used as license information hold- 
ing portion 1 500 so that license information holding por- 
tion 1500thusformed can store {Kc//AC2}Kcom, license 
ID, content ID and first control information data AC1 . 

[Modification of First Embodiment] 

[0123] In the structure of data distribution system of 
the first embodiment shown in Fig. 1 . the operation of 
writing the encrypted music data and the additional in- 
formation data from CD-ROM 200 to memory card 1 1 0 
is performed via the personal computer by sending them 
through connector 1120 and cellular phone 100. 
[0124] However, such a structure may be employed 
that a general-purpose memory card drive device con- 
nected to the personal computer takes the encrypted 
music data and others from CD-ROM 200 into memory 
card 110. Structures other than the above are substan- 
tially the same as those in the first embodiment, and 
therefore description thereof is not repeated. 
[0125] The data distribution system of the structure 
described above can achieve substantially the same ef- 
fect as the first embodiment. 

[Second Embodiment] 

[0126] Fig. 10 conceptually shows a structure of a da- 
ta distribution system according to a second embodi- 
ment of the invention. The structure in Fig. 10 differs 
from the structure of the data distribution system of the 
first embodiment in that the writing of the encrypted mu- 
sic data and additional information data from CD-ROM 
200 into memory card 1 1 0 is performed without sending 
it by the personal computer via connector 1120 and cel- 
lular phone 100, but is performed by such a structure 
that a dedicated memory card drive device 500 connect- 
ed to the personal computer writes the encrypted music 
data on CD-ROM 200 into memory card 110. Structures 
other than the above are substantially the same as those 
of the data distribution system of the first embodiment. 
Therefore, the same portions bear the same reference 
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numbers, and description thereof is not repeated. 
[0127] As will be apparent later from the description, 
memory card drive device 500 of the second embodi- 
ment differs from the structure of a general-purpose 
memory card drive device described in connection with 
the modification of the first embodiment, and has a 
structure adapted to the encrypting and decryption 
processing of the data transmitted to and from the mem- 
ory card. 

[0128] Fig. 11 is a schematic block diagram showing 
a structure of memory card drive device 500 shown in 
Fig. 10. In the following description, a session key pro- 
duced in memory card drive device 500 in response to 
every session is indicated by Ks5. 
[0129] Referring to Fig. 11, memory card drive device 
500 includes a connector 2120 for transmitting data to 
and from the personal computer, an external interface 
2122 for converting the data sent from connector 2120 
into signals to be applied into memory card drive device 
500 and for converting the data obtained from memory 
card drive device 500 into signals to be applied to con- 
nector 21 20, and a controller 21 24 for controlling an op- 
eration of memory card drive device 500 in accordance 
with the data sent from external interface 2122. 
[0130] Memory card drive device 500 further includes 
a memory interface 2200 for controlling data transmis- 
sion between memory card 110 and a data bus BS6, a 
key holding portion 2204 for holding public authentica- 
tion key KPma commonly usable in the system, a de- 
cryption processing portion 2206 for decrypting the data 
encrypted with public authentication key KPma applied 
from data bus BS6 ; a session key generating portion 
2210 used in the data transmission between memory 
card 1 1 0 and another portion in memory card drive de- 
vice 500 for generating session key Ks5, which is used 
for encrypting the data transmitted on data bus BS6, 
based on a random number or the like, an encryption 
processing portion 2208 for encrypting session key Ks5 
produced by session key generating portion 2210 with 
public encryption key KPmc extracted by encryption 
processing portion 2206, and applying it onto data bus 
BS6, a decryption processing portion 2212 for decrypt- 
ing the data on data bus BS6 with session key Ks5 and 
outputtingthe decrypted data, an encryption processing 
portion 2214 for receiving the output of decryption 
processing portion 2212 and encrypting the data sent 
from data bus BS6 with public encryption key KPm(1), 
an encryption processing portion 2216 for receiving the 
output of encryption processing portion 2214 and en- 
crypting it with session key Ks 2 extracted by decryption 
processing portion 2212, a Kcd(j) holding portion 2222 
for holding a plurality of keys Kcd(j) (j: natural number) 
unique to memory card drive device 500, and a Kcd de- 
cryption processing portion 2220 for decrypting the data 
on data bus BS6 with the key selected from the plurality 
of keys Kcd(j). 



[Data Copying Operation] 

[0131] Figs. 12 and 13 are first and second flowcharts 
representing an operation of copying the encrypted mu- 
5 sic data from CD-ROM 200 to memory card 1 1 0 in the 
data distribution system already described in Figs. 10 
and 11. 

[0132] Memory card 110 has substantially the same 
structure as that in thefirst embodiment. Fortransferring 
10 the license information data from CD-ROM 200 to mem- 
ory card 1 1 0, it is first required to perform authentication 
between CD-ROM 200 and memory card drive device 
500, as will be apparent from the following description. 
In the case where the data in CD-ROM 200 is license- 
's corresponding data, memory card drive device 500 is 
allowed to copy the license information data on 
CD-ROM 200 to memory card 110 only if transmission 
of the data to and from memory card 110 is allowed in 
accordance with a predetermined manner, and thus, on- 
20 |y if memory card 110 has a structure adapted to this 
data distribution system. In other words, authentication 
of the memory card 110 is performed depending on 
whether memory card drive device 500 can regularly op- 
erate as a distribution server in a false manner with re- 
25 spect to memory card 1 1 0. 

[0133] In the following description, therefore, the li- 
cense ID transmitted between memory card 110 and 
memory card drive device 500 is a provisional ID, which 
will be referred to as a "provisional license ID IDa". Fur- 
30 ther, first and second control information data AC1 and 
AC2 are indicated by reference characters "AC1a" and 
"AC2a" for representing that first and second control in- 
formation data AC1 and AC2 are codes, on which re- 
strictions are imposed, respectively. If the user wishes 
35 to have license information data not having such restric- 
tions, the user can receive such data from the server as 
another data. 

[0134] Figs. 12 and 1 3 show the operations for copy- 
ing the music data from CD-ROM 200 to memory card 
40 110. 

[0135] When the copying operation starts (step 
S400), copying of data is request, e.g., by operating 
keys of the personal computer (step S402). 
[0136] The personal computer obtains class ID data 
45 from CD-ROM 200 (step S404). It is assumed that this 
class ID data specifies one key Kcd(j) in a Kcd(j) holding 
portion 2222. 

[0137] Memory card drive device 500 determines 
based on the class ID whether CD-ROM 200 is compat- 
50 ible with memory card drive device 500 or not (step 
S406). 

[0138] If CD-ROM 200 is not compatible with card 
drive device 500, the processing moves to a step S432. 
[0139] If CD-ROM 200 is compatible, memory card 
55 no sends encrypted and signed data {KPmc}KPma 
from KPmc holding portion 1302 to memory card drive 
device 500 (step S408). 

[0140] In memory card drive device 500, when signed 
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data {KPmc}KPma transferred from memory card 1 1 0 is 
received, decryption processing portion 2206 decrypts 
signed data {KPmc}KPma thus received based on pub- 
lic authentication key KPmato accept public encryption 
key KPmc (step S410). 

[0141] Thus, such a structure may be employed that 
memory card drive device 500 performs authentication 
of memory card 110, and, if not authenticated, (i) the 
processing is interrupted, or (ii) moves to a step S432. 
[0142] Further, memory card drive device 500 oper- 
ates to produce session key Ks5 by session key gener- 
ating portion 2210. Further, encryption processing por- 
tion 2208 in memory card drive device 500 encrypts ses- 
sion key Ks5 with received key KPmc to produce data 
{Ks5}Kmc, and sends it to memory card 110 (step 
S412). 

[0143] When memory card 110 receives data {Ks5} 
Kmc, decryption processing portion 1306 in memory 
card 1 1 0 decrypts it with key Kmc to extract session key 
Ks5 (step S414). 

[0144] In memory card 110, select switch 1320 is in 
the position closing contact Pa, and encryption process- 
ing portion 1340 receives session key Ks5 from decryp- 
tion processing portion 1306 via contact Pa. Further, 
session key generating portion 1312 generates session 
key Ks2. Encryption processing portion 1340 receives 
session key Ks2 and public encryption key KPm(1 ) sent 
from KPm(1) holding portion 1310 via select switches 
1314 and 1330, respectively, and encrypts them with 
session key Ks5 to produce and output data {Ks2//KPm 
(1)}Ks5 (step S416). 

[0145] In memory card drive device 500, data {Ks2// 
KPm(1)}Ks5 is received and applied onto data bus BS6. 
Decryption processing portion 2212 decrypts this data 
{Ks2//KPm(1)}Ks5 with session key Ks5 to extract ses- 
sion key Ks2 and public encryption key KPm(1) in the 
decrypted form (step S418). 

[0146] Then, memory card drive device 500 receives 
data {{Kc//AC2a}Kcom//license IDa//content ID//AC1a} 
Kcd(j), which is recorded on CD-ROM 200, via the per- 
sonal computer. Decryption processing portion 2212 
first decrypts data {{Kc//AC2a)Kcom//license IDa//con- 
tent ID//AC1a}Kcd(j) to obtain data {Kc//AC2a}Kcom, li- 
cense IDa, content ID and first control information data 
AC1a (step S420). 

[0147] If a correlation is not established between the 
class ID data obtained from CD-ROM 200 and key Kcd 
(j), memory card drive device 500 cannot obtain data 
{Kc//AC2a}Kcom, license IDa, content ID and first con- 
trol information data AC1a. 

[0148] Then, in memory card drive device 500, en- 
cryption processing portion 2214 encrypts data {Kc// 
AC2a}Kcom, license IDa, content ID and first control in- 
formation data AC1 a with public encryption key KPm(1 ) 
to produce {{Kc//AC2a}Kcom//license IDa//content ID// 
AC1a}Km(1) (step S422). 

[0149] Subsequently, in memory card drive device 
500, encryption processing portion 221 6 encrypts {{Kc// 



AC2a}Kcom//license IDa//content ID//ACIa}Km(1 ) with 
session key Ks2 to produce and output {{{Kc//AC2a} 
Kcom//license IDa//content ID//AC1a}Km(1)}Ks2 (step 
S424). 

5 [0150] In memory card 110, decryption processing 
portion 1356 decrypts data {{{Kc//AC2a}Kcom//license 
IDa//content ID//AC1 a}Km(1)}Ks2 with session key Ks2 
to accept data {{Kc//AC2a}Kcom//license IDa//content 
ID//AC1a}Km(1) (step S426). 

10 [0151] In memory card 110, decryption processing 
portion 1416 decrypts data {{Kc//AC2a}Kcom//license 
IDa//content ID//AC1 a}Km(1) with private decryption 
key Km(1) to accept data {Kc//AC2a}Kcom, license 
IDa), content ID) and first control information data AC1 a 

15 (step S428). 

[0152] License IDa, content ID and first control infor- 
mation data AC1 a are stored in license information hold- 
ing portion 1500, and data {Kc//AC2a}Kcom is encrypt- 
ed again with public encryption key KPm(1) by encryp- 

20 tion processing portion 1 41 8 to store the encrypted data 
as data {{Kc//AC2a}Kcom}Km(1 ) in memory 1 41 0 (step 
S430). 

[0153] When storing of data {{Kc//AC2a}Kcom}Km(1) 
into memory 1 41 0 ends, the personal computer obtains 
25 encrypted music data {Data}Kc and additional informa- 
tion data Data-inffrom CD-ROM 200, and sends them 
to memory card drive device 500 via connector 2120 
(step S432). 

[0154] When memory card drive device 500 receives 
30 encrypted music data {DataJKc and additional informa- 
tion data Data-inf (step S434), it stores them in memory 
1 41 0 of memory card 1 1 0 (step S436). 
[0155] When storing of data into memory card 110 
ends, memory card drive device 500 sends completion 
35 of the data acceptance to the personal computer (step 
S438). 

[0156] When the personal computer receives "data 
acceptance" from memory card drive device 500 (step 
S440), the processing ends (step S442). 
40 [0157] In the second embodiment, the operations of 
purchasing (distributing) the license and the reproduc- 
tion operation can be performed similarly to the first em- 
bodiment. 

[0158] Through the operations described above, the 
45 data can be copied from memory card 1 1 0 to CD-ROM 
200. Further, effects similar to those of the first embod- 
iment can be achieved after the encrypted music data 
is copied to memory card 1 1 0. 

[01 59] According to the above description of the sec- 
50 ond embodiment, content decryption key Kc and second 
control information data AC2a in the license information 
data (license IDa, content ID, content decryption key Kc 
and first and second control information data AC1 a and 
AC2a) are encrypted for recording in memory 1410. 
55 However, the second embodiment may be configured 
to store all the license information data in license infor- 
mation holding portion 1500 without re-encryption in the 
memory card, similarly to the first embodiment. 
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[0160] Therefore, if the second embodiment is config- 
ured to store all the license information data in license 
information holding portion 1500, the processing in step 
S430 shown in Fig. 1 3 is changed into processing, which 
is performed to "store data {Kc//AC2a}Kcom ! license 
IDa, content ID and first control information data AC1a 
in license information holding portion 1500". 
[0161] If an internal mechanism of the memory card 
is formed of one-chip LSI orthe like, a portion of memory 
1 41 0 may be used as license information holding portion 
1500 so that license information holding portion 1500 
thus formed may store data {Kc//AC2a}Kcom, license 
IDa, content ID and first control information data AC1 a. 

[Third Embodiment] 

[0162] The data distribution system of a third embod- 
iment is the same as the data distribution system of the 
first embodiment except for that key Kcom commonly 
usable in the cellular phones (data reproducing devices) 
is not employed in the third embodiment. 
[0163] Fig. 14 represents characteristics of license in- 
formation data and others used for communication in the 
data distribution system of the third embodiment, and 
corresponds to Fig. 12 representing the first embodi- 
ment. 

[0164] As described above, the third embodiment dif- 
fers from the first embodiment only in that key Kcom is 
not employed, and therefore, description thereof is not 
repeated. 

[0165] Fig. 15 is a schematic block diagram showing 
a structure of a license server 31 of the third embodi- 
ment, and corresponds to Fig. 3 showing the first em- 
bodiment. 

[0166] License server 31 in the third embodiment dif- 
fers from license server 1 0 in the first embodiment only 
in that key Kcom is not employed. Therefore, the same 
portions bear the same reference numbers, and de- 
scription thereof is not repeated. 
[0167] Fig. 16 is a schematic block diagram showing 
a structure of a cellular phone 1 01 of the third embodi- 
ment, and corresponds to Fig. 4 showing the first em- 
bodiment. 

[0168] Cellular phone 101 in the third embodiment dif- 
fers from cellular phone 1 00 in the first embodiment only 
in that key holding portion 1 51 0 and decryption process- 
ing portion 1520 are eliminated because key Kcom is 
not employed. Therefore, the same portions bear the 
same reference numbers, and description thereof is not 
repeated. 

[0169] The operation of copying data from CD-ROM 
200 in the data distribution system of the third embodi- 
ment is substantially the same as that of the first em- 
bodiment. 

[License Purchasing (Distributing) Operation] 

[0170] Figs. 17 and 18 are first and second flowcharts 



for representing an operation of distributing the license 
information data and others, which are used for repro- 
ducing the encrypted music data, to cellular phones 1 01 
over the cellular phone network in the data distribution 
5 system shown in Figs. 15 and 16. 

[0171] More specifically, Figs. 17 and 18 represent an 
operation, in which memory card 110 of user 1 receives 
the license information data distributed from license 
server 31 . 

10 [0172] When the distribution processing starts (step 
S500), user 1 applies the license distribution request to 
cellular phone 101 via keys or buttons on touch key unit 
1108 (step S502). 

[0173] In response to this distribution request, mem- 

15 ory card 110 outputs additional information data Data- 
inf corresponding to the encrypted music data already 
read from CD-ROM 200 (step S504). 
[0174] In cellular phone 101 , the content ID for desig- 
nating the content to be distributed and a telephone 

20 number of the license server are obtained from the ad- 
ditional information (step S506), and the telephone 
number of license server 31 is dialed (step S508). 
[0175] Memory card 110 sends data {KPmc}KPma 
from KPmc holding portion 1302 to cellular phone 101 

25 (step S5 10). 

[0176] Cellular phone 1 01 sends to license server 31 
the content ID and data (KPmc)KPma obtained from 
memory card 1 1 0 as well as key {KPpJKPma sent from 
key holding portion 1204 of cellular phone 1 01 and in- 

30 formation AC, which indicates the request applied for 
the license from the user side (step S51 2). 
[0177] Information AC includes information of a re- 
quest relating to the form or type of license purchase, 
and more specifically includes, for example, a request 

35 for allowance of predetermined times of reproduction 
operations, or a request for unrestricted reproduction. 
[0178] When license server 31 receives content ID. 
data {KPmcJKPma and data {KPpJKPma, and informa- 
tion AC from cellular phone 100 (S514), decryption 

40 processing portion 318 decrypts received data {KPmc} 
KPma and data {KPp}KPma based on public authenti- 
cation key KPma to accept keys KPmc and KPp (step 
S518). 

[0179] License server 31 sends an inquiry to authen- 
45 tication server 12 based on keys KPmc and KPp thus 
obtained (step S518), and the processing moves to a 
next step if the distribution is to be made to the regular 
cellular phone and the regular memory card (step 
S520). If the regular cellular phone and the regular 
50 memory card are not used, the processing ends (step 
S556). 

[0180] When it is determined, as a result of the inquiry 
that the regular cellular phone and the regular memory 
card are used, license server 31 operates to produce 
55 session key Ks1 by session key generating portion 320. 
Further, encryption processing portion 322 in license 
server 31 encrypts session key Ks1 with received public 
encryption key KPmc to produce data {Ks1}Kmc, and 



14 



27 



EP 1 233 569 A1 



28 



communication device 350 sends encrypted data {Ks1 } 
Kmc received from encryption processing portion 322 
to cellular phone 1 01 over the communication network 
(step S520). 

[0181] When cellular phone 101 receives data {Ks1} 
Kmc (step S522), decryption processing portion 1306 in 
memory card 1 1 0 decrypts the data, which is sent onto 
data bus BS3 via memory interface 1200, with private 
decryption key Kmc, and thereby extracts decrypted 
session key Ks1 (step S524). 

[0182] In the subsequent distributing operation . select 
switch 1320 is in the position closing contact Pa, and 
encryption processing portion 1340 receives session 
key Ks1 from decryption processing portion 1306 via 
contact Pa. Further, session key generating portion 
1312 generates session key Ks2. Encryption process- 
ing portion 1340 receives session key Ks5 and public 
encryption key KPm(1) sent from KPm(1) holding por- 
tion 1310 via select switches 1314 and 1330, respec- 
tively, and encrypts them with session key Ks1 to pro- 
duce data {Ks2//KPm(1)}Ks1 (step S526). 
[0183] Cellular phone 101 sends data {Ks2//KPm(1)} 
Ks1 encrypted by encryption processing portion 1340 to 
license server 31 (step S528). 

[0184] In license server 31, data {Ks2//KPm(1)}Ks1 is 
received by communication device 350, and is sent onto 
data bus BS2. Decryption processing portion 324 de- 
crypts this data {Ks2//KPm(1 )}Ks1 with session key Ks1 
so that session key Ks2 and public encryption key KPm 
(1) are extracted in the decrypted forms (step S530). 
[0185] In accordance with the content ID and informa- 
tion AC, distribution control portion 312 then produces 
the license ID and first and second control information 
data AC1 and AC2 based on the data held in distribution 
information database 302 and others (step S532). 
[0186] Further, license server 31 obtains content de- 
cryption key Kc from distribution information database 
302 (step S534). 

[0187] In license server 31, encryption processing 
portion 326 encrypts data {Kc//AC2}Kcom : license ID, 
content ID and first control information data AC 1 with 
public encryption key KPm(1) to produce {Kc//AC2//li- 
cense ID//content ID//AC1}Km(1) (step S538). 
[0188] Further, encryption processing portion 328 en- 
crypts data {Kc//AC2//license ID//content ID//AC1}Km 
(1) with session key Ks2 to produce data {{Kc//AC2//li- 
cense ID//content ID//AC1}Km(1)}Ks2, and sends it to 
cellular phone 1 01 via communication device 350 (step 
S540). 

[0189] When cellular phone 101 receives data {{Kc// 
AC2//license ID//content ID//AC1}Km(1)}Ks2 (step 
S542), memory card 110 first operates to decrypt re- 
ceived data {{Kc//AC2//license ID//content ID//AC1}Km 
(1)}Ks2 by decryption processing portion 1356 so that 
data {Kc//AC2//license ID//content ID//AC1}Km(1) is ac- 
cepted (step S544). 

[0190] Then, in memory card 110, decryption 
processing portion 1416 decrypts data {Kc//AC2//li- 



cense ID//content ID//AC1 }Km(1 ) with private decryp- 
tion key Km(1 ) to accept content decryption key Kc, sec- 
ond control information dataAC2, license ID, content ID 
and first control information data AC1 (step S546). 

5 [0191] License ID, content ID and first control infor- 
mation data AC1 are stored in license information hold- 
ing portion 1500, and content decryption key Kc and 
second control information data AC2 are encrypted 
again with key KPm(1 ) by encryption processing portion 

10 1418 to produce data {Kc//AC2}Km(1 ), which is stored 
in memory 1410 (step S548). 

[0192] When an operation of storing data {Kc//AC2} 
Km(1) in memory 1410 ends, cellular phone 101 sends 
"distribution acceptance" to license server 31 (step 
15 S550). 

[0193] When license server 31 receives the "distribu- 
tion acceptance" (step S552), license server 31 per- 
forms distribution ending processing (step S554), e.g.. 
by storing the accounting data of the owner of cellular 

20 phone 101 in accounting database 304, and the distri- 
bution processing ends (step S556). 
[0194] Through the above operations, the data can be 
transmitted between memory card 1 1 0 and license serv- 
er 31 after being encrypted with the session keys gen- 

25 erated by memory card 1 1 0 and license server 31 , and 
memory card 110 enters the state, in which the music 
data can be reproduced. 

[0195] In the above description, the server performs 
the authentication processing with signed data {KPp} 

30 KPma sent from key holding portion 1204 of cellular 
phone 1 00 in steps S512 - S518, similarly to the former 
description. In another system, however, the terminal for 
receiving the distributed data may be different from the 
device for data reproduction. In this case, the authenti- 

35 cation processing with signed data {KPpJKPma may be 
eliminated while leaving the authentication processing 
with signed data {KPmcJKPma on the memory card 
side. 



[0196] Fig. 19 is a flowchart representing the repro- 
duction processing performed in cellular phone 101 for 
decrypting encrypted music data{Data}Kc held in mem- 
ory card 1 1 0 to produce the decrypted music data, and 
externally reproducing music therefrom. 
[0197] Referring to Fig. 19, when the reproduction 
processing starts (step S600), the reproduction request 
is applied in response to the instruction of user 1 , which 
is entered via keyboard 1 1 08 or the like of cellular phone 
101 (step S602). Thereby, cellular phone 101 operates 
to output signed data {KPp}KPma from key holding por- 
tion 1204 to memory card 110 (step S604). 
[0198] In memory card 110, decryption processing 
portion 1352 decrypts signed data {KPpJKPma to ac- 
cept public encryption key KPp (step S606). 
[0199] When the key can be authenticated, session 
key generating portion 1312 of memory card 110 gen- 
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erates session key Ks3, and encryption processing por- 
tion 1 354 encrypts session key Ks3 with extracted public 
encryption key KPp to produce data {Ks3}KPp, and 
sends it to cellular phone 1 00 (step S61 0). 
[0200] When it is determined that the key can be au- 
thenticated, and memory card 110 sends data {Ks3} 
KPp, cellular phone 100 decrypts data {Ks3}KP p re- 
ceived from memory card 110 by decryption processing 
portion 1212 : and accepts session key Ks3 (step S612). 
[0201] Session key generating portion 1502 in cellular 
phone 101 produces session key Ks4, and encryption 
processing portion 1504 encrypts session key Ks4 with 
session key Ks3 to produce data {Ks4}Ks3, and sends 
it to memory card 11 0 via data bus BS3 (step S61 4). 
[0202] Memory card 1 1 0 receives data {Ks4}Ks3 pro- 
duced and encrypted by cellular phone 1 01 via data bus 
BS3, and decryption processing portion 1356 decrypts 
it with session key Ks3 to extract session key Ks4 (step 
S616). 

[0203] In memory card 110, controller 1420 deter- 
mines whetherthe request is issued forthe reproducible 
data or not, based on first control information data AC1 
held by license information holding portion 1500, and 
also determines whether the allowed times of reproduc- 
tion are restricted or not, if the data is reproducible (step 
S618). If the requested data is reproducible and the re- 
production is allowed only restricted times, contents of 
first control information data AC1 in license information 
holding portion 1500 are updated to represent the re- 
maining times of allowed reproduction (step S619). If it 
is determined that the data can be reproduced and the 
times of reproduction are not restricted, the processing 
moves to a step S620. When it is determined that the 
data cannot be reproduced, the processing ends (step 
S636). 

[0204] In memory card 110, encrypted data {Kc//AC2} 
Km(1) corresponding to the requested song is read out 
from memory 1410, and is decrypted by decryption 
processing portion 1416 so that content decryption key 
Kc and second control information data AC2 are ob- 
tained (step S620). 

[0205] Further, encryption processing portion 1340 
encrypts content decryption key Kc and second control 
information data AC2 applied from data bus BS5 via se- 
lect switch 1330 with session key Ks4 applied from de- 
cryption processing portion 1 356 via select switch 1 320, 
and outputs data {Kc//AC2}Ks4 thus encrypted to cellu- 
lar phone 101 via data buses BS4 and BS3 (step S622). 
[0206] Decryption processing portion 1506 in cellular 
phone 1 01 performs decryption with session key Ks4 to 
obtain content decryption key Kc and second control in- 
formation data AC2 (step S624). 

[0207] Controller 1106 in cellular phone 101 deter- 
mines contents of second control information data AC2 
(step S628), and ends the processing when the data is 
not reproducible (step S636). 

[0208] When the data is reproducible, controller 1 1 06 
in cellular phone 1 01 controls memory card 1 1 0 so that 



encrypted music data {Data}Kc corresponding to the re- 
quested song stored in memory card 1410 of memory 
card 110 is read and output (step S630). 
[0209] Music reproducing portion 1540 in cellular 

5 phone 1 01 decrypts encrypted music data {DataJKc with 
extracted content decryption key Kc to produce the mu- 
sic data in plain text (step S632), and reproduces the 
content data to apply it to selector portion 1542 (step 
S634). Selector portion 1542 externally outputs the re- 

10 produced music, and the processing ends (step S636). 
[0210] The processing in steps S604 - S612 is not 
necessarily required for every reproducing operation, 
and may be performed when the memory card is insert- 
ed or the power is turned on. 

15 [0211] Owing to the above structure, music content 
information can be easily supplied to the user, who can 
transmit the data over the information communication 
network such as a cellular phone network, while secur- 
ing thecopyright, and the usercan startthe reproduction 

20 of music in a short time. 

[0212] Further, it is possible to prevent unconditional 
reproduction and duplication of the distributed data pro- 
tected by copyright without authorization by the copy- 
right owner. 

25 [0213] It is likewise possible to eliminate key Kcom in 
the structure of the second embodiment employing 
memory card drive device 500 already described. 
[0214] According to the description of the third em- 
bodiment, content decryption key Kc and second control 

30 information data AC2 in the license information data (li- 
cense ID, content decryption key Kc, and first and sec- 
ond control information data AC1 and AC2) are record- 
ed in memory 1 41 0 after being encrypted. However, the 
invention is not restricted to the above, and such a struc- 

35 ture may be employed that all the license information 
data are stored in license information holding portion 
1500 without re-encryption in the memory card. 
[0215] In the structure of the third embodiment, there- 
fore, if license information storing portion 1500 stores 

40 all the license information data, encryption processing 
portion 1418 is not required in the structure of memory 
card 110. Further, the processing in step S548 shown in 
Fig. 18 is changed into processing, which is performed 
to "store content decryption key Kc, second control in- 

45 formation dataAC2, license ID, content ID and first con- 
trol information data AC 1 in license information holding 
portion 1500". Further, the processing in step S320 
shown in Fig. 19 is changed into processing, which is 
performed to "obtain content decryption key Kc and sec- 

50 ond control information data AC2 of the requested song 
stored in license information holding portion 1500". 
[0216] If an internal mechanism of the memory card 
is formed of one-chip LSI orthelike, a portion of memory 
1 41 0 may be used as license information holding portion 

55 1 500 so that license information holding portion 1500 
thus formed may store the license information data. 
[0217] Description has been given on the embodi- 
ments, which use CD-ROMs for distributing the content 
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data such as music data. However the invention is not 
restricted to this structure, and can be generally applied 
to various structures, in which content data is distributed 
in the form recorded on various record mediums. The 
record mediums may be other disk-like record mediums 
such as a DVD-ROM (Digital Versatile Disc Read Only 
Memory), although not restricted thereto. 
[0218] Although the present invention has been de- 
scribed and illustrated in detail, it is clearly understood 
that the same is by way of illustration and example only 
and is not to betaken byway of limitation, the spirit and 
scope of the present invention being limited only by the 
terms of the appended claims. 



Claims 

1 . A data distribution system for distributing encrypted 
content data to each of terminals of a plurality of 
users, comprising: 

a record medium (200) bearing said encrypted 
content data and plain-text additional informa- 
tion data for obtaining decryption information 
data to be used for decryption processing of 
said encrypted content data; 
a distribution server (30) for distributing said 
decryption information data over an information 
transmission network; and 
a content data reproducing device (100, 110) 
for receiving said encrypted content data and 
said plain-text additional information data from 
said record medium, storing said encrypted 
content data and said plain-text additional in- 
formation data, receiving said decryption infor- 
mation data from said distribution server spec- 
ified based on said plain-text additional infor- 
mation data over said information transmission 
network, decrypting said encrypted content da- 
ta in accordance with said decryption informa- 
tion data, and outputting information corre- 
sponding to content data obtained by decrypt- 
ing said encrypted content data. 

2. The data distribution system according to claim 1 , 
wherein 

said content data reproducing device in- 
cludes: 

reading means for reading said encrypted con- 
tent data and said plain-text additional informa- 
tion data from said record medium, 
a memory (110) for receiving and storing said 
encrypted content data and said plain-text ad- 
ditional information data applied from said 
reading means, 

receiving means (1102, 11 04) for receiving said 
decryption information data from said specified 



distribution server over said information trans- 
mission network, 

decrypting means (1530) for decrypting said 
encrypted content data based on said decryp- 
5 tion information data, and 

reproducing means (1540) for receiving the 
output of said decrypting means, and producing 
information corresponding to said content data. 

10 3. The data distribution system according to claim 2. 
wherein 

said memory is a memory card (110) remov- 
ably attached to said content data reproducing de- 
vice. 

15 

4. The data distribution system according to claim 3. 
wherein 

said decryption information data includes: 

20 a content decryption key (Kc) for decrypting 

said encrypted content data, and 
first restriction information data (AC1) for re- 
stricting reading of said decryption information 
data from said memory card; and 

25 said memory card includes means (1500, 

1420) for restricting reading of said decryption 
information data from said memory card in ac- 
cordance with said first control information da- 
ta. 

30 

5. The data distribution system according to claim 4. 
wherein 

said first control information data includes 
control data for designating allowed times of read- 
35 jng of said content decryption key from said memory 
card for decrypting said encrypted content data, 
and 

said memory card includes means for restrict- 
ing times of reading of said content decryption key 
40 from said memory card in accordance with said con- 
trol data. 

6. The data distribution system according to claim 2, 
wherein 

45 said decryption information data includes: 

a content decryption key for decrypting said en- 
crypted content data, and 
second control information data (AC2) for des- 

50 ignating conditions of reproduction by said con- 

tent data reproducing device; and 
said content data reproducing device further in- 
cludes means for restricting the reproducing 
operation of said reproducing means in accord- 

55 ance with said second control information data. 

7. The data distribution system according to claim 6 ; 
wherein 
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said distribution server includes first encrypt- 
ing means for encrypting said content decryption 
key and said second control information data with 
a predetermined key, and 

said content data reproducing device includes 5 
first decrypting means for decrypting data encrypt- 
ed with said predetermined key. 



8. The data distribution system according to claim 1 , 
wherein 

said distribution server (30) includes: 



10 



a first interface portion (350) for externally 
transmitting data over said information trans- 
mission network, is 
a first session key generating portion (320) for 
producing a first symmetric key to be updated 
upon every transmission of said content de- 
cryption key, 

a session key encrypting portion (322) for en- 20 
crypting said first symmetric key with a first pub- 
lic encryption key predetermined correspond- 
ing to the content data reproducing device of 
said user, and applying the encrypted first sym- 
metric key to said first interface portion, 25 
a session key decrypting portion (324) for de- 9. 
crypting data returned after being encrypted 
with said first symmetric key, 
a first decryption information data encryption 
processing portion (326) for encrypting said de- 30 
cryption information data with a second public 
encryption key extracted from data decrypted 
by said session key decrypting portion, and 
a second decryption information data encryp- 
tion processing portion (328) for encrypting the 35 
output of said first decryption information data 
encryption processing portion with a second 
symmetric key extracted from the data decrypt- 
ed by said session key decrypting portion to ap- 
ply the encrypted output to said first interface 40 
portion for distribution; 

said content data reproducing device further in- 
cludes a second interface portion (1102, 1104) 
for externally transmitting data over said infor- 
mation transmission network; 45 
said memory card (110) includes: 

a second session key generating portion 
(1312) for producing said second symmet- 
ric key, 50 
a first key holding portion (1 304) for holding 
a first private decryption key used for de- 
crypting the data encrypted with said first 
public encryption key, 

a first decryption processing portion (1 306) 55 
for receiving said first symmetric key en- 
crypted with said first public encryption key 
and performing decryption processing, 



a second key holding portion (1310) for 
holding said second public encryption key, 
a first encryption processing portion (1 340) 
for encrypting said second public encryp- 
tion key and said second symmetric key 
with said first symmetric key, and output- 
ting the encrypted keys to said second in- 
terface portion, 

a second decryption processing portion 
(1356) for receiving said decryption infor- 
mation data encrypted by and sent from 
said second decryption information data 
encryption processing portion, 
a storing portion (1410, 1500) for storing 
results of decryption of said second de- 
cryption processing portion, 
a third key holding portion (1414) for hold- 
ing a second private decryption key used 
for decrypting the data encrypted by said 
second public encryption key, and 
a third decryption processing portion 
(1416) for decrypting said decryption infor- 
mation data with said second private de- 
cryption key. 

The data distribution system according to claim 3, 
wherein 

said distribution server includes: 

a first interface portion for externally transmit- 
ting data over said information transmission 
network, 

a first session key generating portion for pro- 
ducing a first symmetric key to be updated upon 
every transmission of said content decryption 
key, 

a session key encrypting portion for encrypting 
said first symmetric key with a first public en- 
cryption key predetermined corresponding to 
the content data reproducing device of said us- 
er, 

a session key decrypting portion for decrypting 
data returned after being encrypted with said 
first symmetric key, 

a first decryption information data encryption 
processing portion for encrypting said decryp- 
tion information data with a second public en- 
cryption key extracted from data decrypted by 
said session key decrypting portion, and 
a second decryption information data encryp- 
tion processing portion for encrypting the out- 
put of said first decryption information data en- 
cryption processing portion with a second sym- 
metric key extracted from the data decrypted 
by said session key decrypting portion to apply 
the encrypted output to said first interface por- 
tion for distribution; 

said content data reproducing device further in- 
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eludes a second interface portion for externally 
transmitting data over said information trans- 
mission network; 
said memory card includes: 

5 

a second session key generating portion 
for producing said second symmetric key, 
a first key holding portion for holding a first 
private decryption key used for decrypting 
the data encrypted with said first public en- 10 
cryption key, 

a first decryption processing portion for re- 
ceiving said first symmetric key encrypted 
with said first public encryption key and 
performing decryption processing, is 
a second key holding portion for holding 
said second public encryption key, 
a first encryption processing portion for en- 
crypting said second public encryption key 
and said second symmetric key with said 20 
first symmetric key, and outputting the en- 
crypted keys to said second interface por- 
tion, 

a second decryption processing portion for 
receiving said decryption information data 25 
encrypted by and sent from said second 
decryption information data encryption 
processing portion, 

athird key holding portion for holding a sec- 
ond private decryption key used for de- 30 
crypting the data encrypted by said second 
public encryption key, and 
a third decryption processing portion for re- 
ceiving the output of said second decryp- 
tion processing portion and decrypting said 35 
decryption information data with said sec- 
ond private decryption key, and 
a storing portion for receiving and storing 
the output of said third decryption process- 
ing portion. 40 

10. The data distribution system according to claim 1 , 
wherein 

said information transmission network is a 
digital cellular phone network; 45 

said content data reproducing device includes 
a cellular phone (1 00); 

said cellular phone includes: 

a data I/O terminal (1120) for externally trans- 50 
mitting digital data, 

a memory card (110) removably attached to 
said cellular phone for receiving and storing 
said encrypted content data and said plain-text 
additional information data read from said 55 
record medium and applied via said data I/O 
terminal, 

decrypting means (1530) for decrypting said 



encrypted content data based on said decryp- 
tion information data received from said speci- 
fied distribution server over said digital cellular 
phone network, and 

reproducing means (1540) for receiving the 
output of said reproducing means, and repro- 
ducing information corresponding to said con- 
tent data. 

11. The data distribution system according to claim 10, 
wherein 

said decryption information data includes: 

a content decryption key for decrypting said en- 
crypted content data, and 
first restriction information data for restricting 
reading of said decryption information data 
from said memory card; and 
said memory card includes means for restrict- 
ing reading of said decryption information data 
from said memory card in accordance with said 
first control information data. 

12. The data distribution system according to claim 10, 
wherein 

said first control information data includes 
control data for designating allowed times of read- 
ing of said content decryption key from said memory 
card for decrypting said encrypted content data, 
and 

said memory card includes means for restrict- 
ing times of reading of said content decryption key 
from said memory card in accordance with said con- 
trol data. 

13. The data distribution system according to claim 10, 
wherein 

said decryption information data includes: 

a content decryption key for decrypting said en- 
crypted content data, and 
second control information data for designating 
conditions of reproduction by said content data 
reproducing device; and 
said content data reproducing device further in- 
cludes means for restricting the reproducing 
operation of said reproducing means in accord- 
ance with said second control information data. 

14. The data distribution system according to claim 13, 
wherein 

said distribution server includes first encrypt- 
ing means for encrypting said content decryption 
key and said second control information data with 
a predetermined key, and 

said content data reproducing device includes 
first decrypting means for decrypting data encrypt- 
ed with said predetermined key. 
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1 5. The data distribution system according to claim 1 0, 
wherein 

said cellular phone is removably attached to 
said content data reproducing device. 

16. The data distribution system according to claim 1 , 
wherein 

said information transmission network is a 
digital cellular phone network; 

said content data reproducing device includes 
a cellular phone for receiving said decryption infor- 
mation data from said specified distribution server 
over said digital cellular phone network; 

said cellular phone includes: 

decrypting means for decrypting said encrypt- 
ed content data based on said decryption infor- 
mation data, and 

reproducing means for receiving the output of 
said reproducing means, and reproducing in- 
formation corresponding to said content data; 
and 

said content data reproducing device further in- 
cludes: 

a memory card removably attached to said 
cellular phone for receiving and storing 
said encrypted content data and said plain- 
text additional information data, and 
a memory card drive device fortransferring 
the data from said record medium to said 
memory card. 

17. The data distribution system according to claim 16, 
wherein 

said decryption information data includes: 

a content decryption key for decrypting said en- 
crypted content data, and 
first restriction information data for restricting 
reading of said decryption information data 
from said memory card; and 
said memory card includes means for restrict- 
ing reading of said decryption information data 
from said memory card in accordance with said 
first control information data. 

1 8. The data distribution system according to claim 1 7, 
wherein 

said first control information data includes 
control data for designating allowed times of read- 
ing of said content decryption key from said memory 
card for decrypting said encrypted content data, 
and 

said memory card includes means for restrict- 
ing times of reading of said content decryption key 
from said memory card in accordance with said con- 
trol data. 



19. The data distribution system according to claim 16, 
wherein 

said decryption information data includes: 

a content decryption key for decrypting said en- 
crypted content data, and 
second control information data for designating 
conditions of reproduction by said content data 
reproducing device; and 
said content data reproducing device further in- 
cludes means for restricting the reproducing 
operation of said reproducing means in accord- 
ance with said second control information data. 

The data distribution system according to claim 19, 
wherein 

said distribution server includes first encrypt- 
ing means for encrypting said content decryption 
key and said second control information data with 
a predetermined key, and 

said content data reproducing device includes 
first decrypting means for decrypting data encrypt- 
ed with said predetermined key. 

The data distribution system according to claim 1 , 
wherein 

said information transmission network is a 
digital cellular phone network; 

said content data reproducing device includes 
a cellular phone for receiving said decryption infor- 
mation data from said specified distribution server 
over said digital cellular phone network; 
said cellular phone includes: 

decrypting means for decrypting said encrypt- 
ed content data based on said decryption infor- 
mation data, and 

reproducing means for receiving the output of 
said reproducing means, and reproducing in- 
formation corresponding to said content data; 
said content data reproducing device further in- 
cludes: 

a memory card removably attached to said 
cellular phone for receiving and storing 
said encrypted content data and said plain- 
text additional information data, and 
a memory card drive device (500) for trans- 
ferring the data from said record medium 
to said memory card; 
said record medium bears the encrypted 
content data, the plain-text additional infor- 
mation data, specifying data for specifying 
a plurality of predetermined unique keys, 
and decryption information data encrypted 
into a decodable form with the unique key 
corresponding to the specifying data; 
said memory card drive device includes: 
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a unique key holding portion for hold- 
ing the plurality of unique keys selec- 
tively designated by said specifying 
data, and 

a unique key decryption processing 5 
portion for decrypting said encrypted 
decryption information data obtained 
from said record medium with the 
unique key included in said plurality of 
unique keys and corresponding to said 10 
specifying data obtained from said 
record medium, and accepting the de- 
cryption information data; and 
said accepted decryption information 
data is transferred to said memory is 
card based on the fact that at least said 
memory card drive device can accept 
said decryption information data. 



22. A data distribution system for distributing encrypted 20 
content data to each of terminals of a plurality of 
users, comprising: 

a record medium bearing said encrypted con- 
tent data and plain-text additional information 25 
data for obtaining decryption information data 
to be used for decryption processing of said en- 
crypted content data; and 
a content data reproducing device for receiving 
said encrypted content data and said plain-text 30 
additional information data from said record 
medium, storing said encrypted content data 
and said plain-text additional information data, 
receiving said decryption information data from 
said distribution server specified based on said 35 
plain-text additional information data over said 
information transmission network, decrypting 
said encrypted content data in accordance with 
said decryption information data, and output- 
ting information corresponding to content data 40 
obtained by decrypting said encrypted content 
data. 

23. The data distribution system according to claim 22, 
wherein said content data reproducing device in- 45 
eludes: 



decrypting means for decrypting said encrypt- 
ed content data based on said decryption infor- 
mation data, and 

reproducing means for receiving the output of 
said decrypting means, and producing informa- 
tion corresponding to said content data. 

24. The data distribution system according to claim 23, 
wherein 

said memory is a memory card removably at- 
tached to said content data reproducing device. 

25. A record medium for use in a data distribution sys- 
tem provided with a distribution server for distribut- 
ing decryption information data used for decryption 
processing of encrypted content data over an infor- 
mation transmission network for the purpose of dis- 
tributing said encrypted content data to each of ter- 
minals of a plurality of users, each of said terminals 
including a content data reproducing device for re- 
ceiving said encrypted content data and plain-text 
additional information data, storing said encrypted 
content data and said plain-text additional informa- 
tion data, receiving said decryption information data 
over said information transmission network from 
said distribution server specified based on said 
plain-text additional information data, decrypting 
said encrypted content data in accordance with the 
decryption information data, and outputting infor- 
mation corresponding to content data obtained by 
decrypting said encrypted content data, compris- 
ing: 

a first region for bearing at least said encrypted 
content data; and 

a second region for bearing said plain-text ad- 
ditional information data for obtaining said de- 
cryption information data used for decryption 
processing of said encrypted content data. 

26. The record medium according to claim 25, further 
comprising: 

a third region for bearing said encrypted de- 
cryption information data, wherein 
said decryption information data includes con- 
trol information data for restricting reproduction 
of said encrypted content data. 

27. The record medium according to claim 25, wherein 

said record medium is a disk-like record me- 
dium. 

28. The record medium according to claim 25, wherein 

said record medium is a CD-ROM. 

29. The record medium according to claim 25, wherein 

said record medium is a DVD-ROM. 



reading means for reading said encrypted con- 
tent data and said plain-text additional informa- 
tion data from said record medium, 50 
a memory for receiving and storing said en- 
crypted content data and said plain-text addi- 
tional information data applied from said read- 
ing means, 

receiving means for receiving said decryption 55 
information data from said specified distribution 
server over said information transmission net- 
work, 
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FIG.9 
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